Re: Personal Firewalls

Linux Advanced Routing and Traffic Control

>However, there is a possibility if you want to find the computer by IP, if you use manageable switches. As you know which IPs are improper, you can also find the corresponding MAC address passively from the router's ARP table (or actively by arping), and the switches will be able to tell you on which port this MAC is plugged. Then you can e.g. shut down the port or follow the cable to the physical computer location.

Just reporting back on how this went. The above worked beautifully and the suspect PC has been identified.
Two puzzling aspects which I hope the list will throw some light on are:


1. The ipconfig /all command on Windows returns the description of the NIC with company A but the MAC address contains the code for company B according to OUI scheme.

http://standards.ieee.org/regauth/oui/oui.txt

Is this an industry practice?

Both IP and MAC addresses match that of the investigated computer.

2. Our proxy access logs show that sites C and D were heavily accessed. The browser history shows site D being accessed but not a trace of access to C. I am suspecting an FTP server being used.

Thanks in advance for the help.

alfred,

--
Perl - "... making the easy jobs easy,
without making the hard jobs impossible."
'The Camel', 3ed


_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
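
The IP to MAC to switch port lookup described in the quoted advice, as an added example that is not part of the original thread. It assumes a Linux router whose ARP table is read with `ip neigh show` and a switch MAC table exported as VLAN, MAC, type and port columns; the function names and all sample data are constructed for illustration.

```python
import re

# Constructed sample data (documentation address ranges), not from the thread.
IP_NEIGH = """\
192.0.2.10 dev eth1 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.57 dev eth1 lladdr 00:00:5E:00:53:02 STALE
192.0.2.99 dev eth1  FAILED
"""
# Assumed switch MAC-table export layout: VLAN, MAC, type, port.
MAC_TABLE = """\
  10    0000.5e00.5301    DYNAMIC     Gi0/24
  10    0000.5e00.5303    DYNAMIC     Gi0/24
  10    0000.5e00.5302    DYNAMIC     Gi0/7
"""

def norm_mac(mac):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_neigh(text):
    """Map IP -> MAC; FAILED/INCOMPLETE entries carry no lladdr and are skipped."""
    pairs = (re.match(r"(\S+) .*\blladdr (\S+)", ln) for ln in text.splitlines())
    return {m.group(1): norm_mac(m.group(2)) for m in pairs if m}

def parse_mac_table(text):
    """Map MAC -> port from the switch table, ignoring header or blank lines."""
    rows = (ln.split() for ln in text.splitlines())
    return {norm_mac(f[1]): f[3] for f in rows if len(f) == 4 and f[0].isdigit()}

def locate(ip, neigh, mac_port, uplink_threshold=2):
    """Resolve an IP to a switch port, or report at which step the trail ends."""
    mac = neigh.get(ip)
    if mac is None:
        return {"ip": ip, "status": "no-arp-entry"}  # try arping, then re-read
    port = mac_port.get(mac)
    if port is None:
        return {"ip": ip, "mac": mac, "status": "mac-not-on-switch"}
    shared = list(mac_port.values()).count(port)
    # Several MACs behind one port usually means another switch or hub there.
    status = "uplink" if shared >= uplink_threshold else "access-port"
    return {"ip": ip, "mac": mac, "oui": mac[:6], "port": port, "status": status}

if __name__ == "__main__":
    neigh, table = parse_neigh(IP_NEIGH), parse_mac_table(MAC_TABLE)
    for ip in ("192.0.2.57", "192.0.2.10", "192.0.2.99"):
        print(locate(ip, neigh, table))
```

The `oui` field is the first three octets of the MAC, which is the part to compare against the IEEE registry when the NIC description and the address disagree. A result of `uplink` means the lookup has to be repeated on the next switch down before a port is shut or a cable is followed.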
